How to Prevent Gatekeeper Turning Back On Automatically in Mac OS X
Gatekeeper is a security feature built into Mac OS X which helps to prevent unauthorized applications and code from executing on a Mac. Most users have encountered Gatekeeper before when they go to open an application downloaded from the internet, where you see an “App can’t be opened because it is from an unidentified developer” error message. Because Gatekeeper is a worthwhile security feature, almost all Mac users should leave it enabled, but some advanced OS X users, developers, and systems administrators may need to disable Gatekeeper. While you can do that, users will find that Gatekeeper re-enables itself after a 30 day period has lapsed, basically meaning that Gatekeeper will turn itself back on even if it has been turned off.
This is a security feature called ‘Auto Rearm’ and it’s a new addition to Gatekeeper in MacOS Sierra, OS X El Capitan and Yosemite, but with a little effort the auto-enable feature can be disabled too.
Disabling Gatekeeper Auto-Rearm Feature in Mac OS X
With a defaults command string you can prevent Gatekeeper from reactivating itself after it has been disabled for 30 days. This applies to modern versions of Mac OS X, but is really only relevant for advanced users.
Open the Terminal application (/Applications/Utilities) and enter the following defaults command string:
sudo defaults write /Library/Preferences/com.apple.security GKAutoRearm -bool NO
Hit return and enter the admin password as usual, this will prevent Gatekeeper from turning itself back on again after 30 days the next time you turn the feature off in the settings or from the command line.
Re-Enabling Gatekeeper AutoRearm with defaults in Mac OS X
To go back to the default setting and return Gatekeeper to it’s automatic reactivation abilities after 30 days, simply enter the following command string in the terminal:
sudo defaults write /Library/Preferences/com.apple.security GKAutoRearm -bool YES
Again hit return and enter an administrator password, Gatekeeper will turn itself back on again as intended.
Should the average user do this? No. Even for advanced users, this may be considered somewhat extreme, and perhaps a better approach may be to go about adding Gatekeeper exceptions manually for apps as needed, or just use the bypass method through System Preferences when an app is encountered by Gatekeeper.
Heads up to JonsView for discovering this defaults command.